From ae0bdf09ca9737d5db9453966cf4705bdd420d31 Mon Sep 17 00:00:00 2001
From: Ley Foon Tan <ley.foon.tan@intel.com>
Date: Tue, 25 Aug 2020 10:26:36 +0800
Subject: [PATCH] net: tftp: Fix store_block offset calculation

tftp_cur_block start with 1 for first block, but tftp_cur_block counter is
start with zero when block number is rollover. The existing code
"tftp_cur_block - 1" will cause the block number become -1 in store_block()
when tftp_cur_block is 0 when tftp_cur_block is rollover.

The fix pass in tftp_cur_block to store_block() and minus the
tftp_block_size when do the offset calculation.

Signed-off-by: Ley Foon Tan <ley.foon.tan@intel.com>
Reviewed-By: Ramon Fried <rfried.dev@gmail.com>
---
 net/tftp.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/net/tftp.c b/net/tftp.c
index 380094d493..1c003871c1 100644
--- a/net/tftp.c
+++ b/net/tftp.c
@@ -159,7 +159,8 @@ static unsigned short tftp_window_size_option = TFTP_WINDOWSIZE;
 
 static inline int store_block(int block, uchar *src, unsigned int len)
 {
-	ulong offset = block * tftp_block_size + tftp_block_wrap_offset;
+	ulong offset = block * tftp_block_size + tftp_block_wrap_offset -
+			tftp_block_size;
 	ulong newsize = offset + len;
 	ulong store_addr = tftp_load_addr + offset;
 #ifdef CONFIG_SYS_DIRECT_FLASH_TFTP
@@ -652,7 +653,7 @@ static void tftp_handler(uchar *pkt, unsigned dest, struct in_addr sip,
 		timeout_count_max = tftp_timeout_count_max;
 		net_set_timeout_handler(timeout_ms, tftp_timeout_handler);
 
-		if (store_block(tftp_cur_block - 1, pkt + 2, len)) {
+		if (store_block(tftp_cur_block, pkt + 2, len)) {
 			eth_halt();
 			net_set_state(NETLOOP_FAIL);
 			break;
-- 
2.39.5